Hi,
There were no combofix.txt files at all in that folder on my c: drive.
OTMoveIt3 asked me to reboot, but because you didn't mention this, I said no to the prompt to reboot. Should I have rebooted before running RSIT?
Here are the logs you asked for:
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a82b002d-b784-4ccf-8b86-8d910baa2fe5}\\ deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vikideyozo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Lsass Service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00ADF46\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32\\ deleted successfully.
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\goyevayo.dll
C:\WINDOWS\system32\goyevayo.dll NOT unregistered.
C:\WINDOWS\system32\goyevayo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vumefesa.dll
C:\WINDOWS\system32\vumefesa.dll NOT unregistered.
C:\WINDOWS\system32\vumefesa.dll moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\c00ADF46.mat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\fagometo.dll
C:\WINDOWS\system32\fagometo.dll NOT unregistered.
C:\WINDOWS\system32\fagometo.dll moved successfully.
File/Folder C:\WINDOWS\tasks\favwayzi.job not found.
C:\Documents and Settings\Helen Fraser\Application Data\NI.GSCNS moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRKARiG.dll
C:\WINDOWS\system32\rqRKARiG.dll NOT unregistered.
C:\WINDOWS\system32\rqRKARiG.dll moved successfully.
File/Folder C:\WINDOWS\system32\urqPghiG.dll not found.
C:\WINDOWS\system32\sX3i19 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HELENF~1\LOCALS~1\Temp\etilqs_8ChKOx0N0uhF9yYtbZhw scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HELENF~1\LOCALS~1\Temp\Perflib_Perfdata_c34.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HELENF~1\LOCALS~1\Temp\~DFFBC3.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_17c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Helen Fraser\Local Settings\Application Data\Mozilla\Firefox\Profiles\fnq9nq0b.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11142008_174338
Logfile of random's system information tool 1.04 (written by random/random)
Run by Helen Fraser at 2008-11-14 17:47:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (30%) free of 34 GB
Total RAM: 510 MB (12% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48, on 14/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kontiki\KService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Helen Fraser\Desktop\RSIT.exe
C:\Program Files\trend micro\Helen Fraser.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a82b002d-b784-4ccf-8b86-8d910baa2fe5} - C:\WINDOWS\system32\fagometo.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vikideyozo] Rundll32.exe "C:\WINDOWS\system32\goyevayo.dll",s
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\Helen Fraser\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [vikideyozo] Rundll32.exe "C:\WINDOWS\system32\goyevayo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [vikideyozo] Rundll32.exe "C:\WINDOWS\system32\goyevayo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://aolsvc.aol.com/onlinegames/fr...ouseplayer.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://aolsvc.aol.com/onlinegames/fr...esLauncher.cab
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (WebEyeControl) - http://www.rockefellercenter.com/viewer/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {BE71A78B-77DB-451C-A761-59B37022D544} (AOL Newport Downloader Ctrl) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vG...RichUpload.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game14.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup161.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\vumefesa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: c00ADF46 - C:\WINDOWS\SYSTEM32\c00ADF46.mat
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 11771 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (HELEN-Helen Fraser).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a82b002d-b784-4ccf-8b86-8d910baa2fe5}]
C:\WINDOWS\system32\fagometo.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"DadApp"=C:\Program Files\Dell\AccessDirect\dadapp.exe [2004-03-04 211828]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2004-03-04 487424]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-05-13 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-05-14 536576]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-11 53248]
"VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
"MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
"MCUpdateExe"=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
"AOL Spyware Protection"=C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [2004-02-16 147456]
"VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [2004-03-24 1380352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]
"OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-11 53248]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-03-30 185896]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576]
"vikideyozo"=C:\WINDOWS\system32\goyevayo.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"OTMoveIt"=C:\Documents and Settings\Helen Fraser\Desktop\OTMoveIt3.exe [2008-11-14 349696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-13 206064]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-05-09 50736]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-05 1576176]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\vumefesa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-27 352256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00ADF46]
C:\WINDOWS\system32\c00ADF46.mat [2008-11-08 20992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\vumefesa.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2008-11-14 17:43:38 ----D---- C:\_OTMoveIt
2008-11-13 21:45:31 ----A---- C:\WINDOWS\zip.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\VFIND.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\SWSC.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\SWREG.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\sed.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\grep.exe
2008-11-13 21:45:31 ----A---- C:\WINDOWS\fdsv.exe
2008-11-13 21:45:26 ----D---- C:\Qoobox
2008-11-13 21:45:25 ----D---- C:\ComboFix
2008-11-13 21:45:25 ----A---- C:\WINDOWS\system32\CF7977.exe
2008-11-13 21:40:38 ----A---- C:\WINDOWS\system32\CF7037.exe
2008-11-13 21:39:24 ----A---- C:\WINDOWS\system32\CF6762.exe
2008-11-13 19:24:03 ----A---- C:\WINDOWS\system32\CF13033.exe
2008-11-12 22:53:50 ----D---- C:\Program Files\Hijackthis
2008-11-08 23:44:32 ----D---- C:\rsit
2008-11-08 23:17:52 ----A---- C:\WINDOWS\gmer.ini
2008-11-08 23:17:50 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-08 23:17:49 ----A---- C:\WINDOWS\gmer.exe
2008-11-08 23:17:49 ----A---- C:\WINDOWS\gmer.dll
2008-11-08 14:52:18 ----D---- C:\Temp
2008-11-02 00:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-01 15:20:08 ----D---- C:\WINDOWS\Prefetch
2008-11-01 15

06 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-01 15:05:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 15:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 15:04:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 15:04:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-01 15:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 15:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-01 15:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-01 15:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-01 15:03:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-01 15:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-01 15:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-01 15:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-01 15:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-01 15:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-01 15:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-01 15:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-01 15:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-01 15:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-01 14:57:38 ----D---- C:\WINDOWS\system32\en-us
2008-11-01 14:57:37 ----D---- C:\WINDOWS\system32\scripting
2008-11-01 14:57:35 ----D---- C:\WINDOWS\l2schemas
2008-11-01 14:57:34 ----D---- C:\WINDOWS\system32\en
2008-11-01 14:57:33 ----D---- C:\WINDOWS\system32\bits
2008-11-01 14:54:00 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-01 14:50:41 ----D---- C:\WINDOWS\network diagnostic
2008-11-01 14:45:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-01 14:45:52 ----D---- C:\WINDOWS\EHome
2008-10-23 22:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-10-20 21:21:47 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-20 21:21:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-10-20 21:21:42 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-10-20 21:21:40 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-20 21:21:40 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-20 21:21:25 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-10-20 21:21:25 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-10-20 21:21:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-20 21:21:18 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-20 21:21:16 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-20 21:21:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-20 21:21:16 ----N---- C:\WINDOWS\slrundll.exe
2008-10-20 21:21:15 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-20 21:21:15 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-20 21:21:15 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-20 21:21:10 ----N---- C:\WINDOWS\system32\setupn.exe
2008-10-20 21:21:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-20 21:21:02 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-20 21:21:01 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-10-20 21:21:00 ----N---- C:\WINDOWS\system32\qutil.dll
2008-10-20 21:20:59 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-10-20 21:20:58 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-10-20 21:20:58 ----N---- C:\WINDOWS\system32\qagent.dll
2008-10-20 21:20:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-20 21:20:53 ----N---- C:\WINDOWS\system32\onex.dll
2008-10-20 21:20:37 ----N---- C:\WINDOWS\system32\napstat.exe
2008-10-20 21:20:36 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-10-20 21:20:36 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-10-20 21:20:33 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-20 21:20:31 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-10-20 21:20:30 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-10-20 21:20:22 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-20 21:20:22 ----N---- C:\WINDOWS\system32\mssha.dll
2008-10-20 21:19:50 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-10-20 21:19:50 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-20 21:19:49 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-10-20 21:19:48 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-20 21:19:08 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-20 21:19:07 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-10-20 21:19:06 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-10-20 21:19:06 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-20 21:19:05 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-20 21:19:05 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-20 21:18:50 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-20 21:18:36 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-10-20 21:18:36 ----A---- C:\WINDOWS\002750_.tmp
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-20 21:18:34 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-10-20 21:18:24 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-10-20 21:18:24 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-10-20 21:18:24 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-10-20 21:18:24 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-20 21:18:24 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-20 21:18:23 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-20 21:18:23 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-10-20 21:18:20 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-10-20 21:18:20 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-20 21:18:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-20 21:18:14 ----N---- C:\WINDOWS\system32\credssp.dll
2008-10-20 21:18:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-20 21:18:02 ----N---- C:\WINDOWS\system32\azroles.dll
2008-10-20 21:18:01 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-20 21:18:01 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-20 21:18:00 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-10-20 21:18:00 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-20 21:18:00 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-20 21:18:00 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-20 21:18:00 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-20 21:17:44 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-10-19 00:28:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-19 00:27:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 00:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-19 00:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-19 00:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-19 00:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-18 17:31:20 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-18 17:31:19 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-18 17:31:18 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-18 16:14:53 ----A---- C:\Program Files\Silverlight.2.0.exe
======List of files/folders modified in the last 1 months======
2008-11-14 17:48:02 ----D---- C:\Program Files\Trend Micro
2008-11-14 17:47:28 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-11-14 17:47:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-14 17:43:51 ----D---- C:\WINDOWS\Temp
2008-11-14 17:43:44 ----D---- C:\WINDOWS\SYSTEM32
2008-11-14 17:24:54 ----D---- C:\WINDOWS
2008-11-14 17:24:40 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2008-11-13 21:45:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-13 21:44:55 ----SHD---- C:\System Volume Information
2008-11-13 21:44:55 ----D---- C:\WINDOWS\system32\Restore
2008-11-13 21:43:27 ----D---- C:\WINDOWS\ERDNT
2008-11-13 21:01:51 ----SHD---- C:\WINDOWS\Installer
2008-11-13 20:52:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-13 19:34:38 ----A---- C:\WINDOWS\system.ini
2008-11-13 19:34:06 ----D---- C:\WINDOWS\system32\DRIVERS
2008-11-13 19:32:22 ----D---- C:\WINDOWS\system32\CONFIG
2008-11-13 19:29:14 ----D---- C:\Program Files\Common Files
2008-11-13 19:29:13 ----D---- C:\WINDOWS\AppPatch
2008-11-13 19:23:30 ----RD---- C:\Program Files
2008-11-13 19:23:30 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-11 18:01:39 ----SD---- C:\WINDOWS\Tasks
2008-11-09 18:09:35 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-08 23:04:36 ----HD---- C:\WINDOWS\INF
2008-11-07 19:43:47 ----A---- C:\WINDOWS\WIN.INI
2008-11-06 22:17:06 ----RSD---- C:\WINDOWS\ASSEMBLY
2008-11-06 22:15:59 ----RSD---- C:\WINDOWS\Fonts
2008-11-06 22:15:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-02 00:09:08 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2008-11-01 16:01:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-01 15:23:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 15:22:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-01 15:20:42 ----A---- C:\WINDOWS\setuplog.txt
2008-11-01 15:19:30 ----D---- C:\WINDOWS\system32\Setup
2008-11-01 15:19:29 ----D---- C:\WINDOWS\system32\WBEM
2008-11-01 15:08:12 ----D---- C:\WINDOWS\SECURITY
2008-11-01 15:??:31 ----A---- C:\WINDOWS\imsins.BAK
2008-11-01 15:??:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-01 15:02:51 ----D---- C:\Program Files\Messenger
2008-11-01 14:58:13 ----D---- C:\WINDOWS\WinSxS
2008-11-01 14:58:00 ----D---- C:\WINDOWS\IME
2008-11-01 14:57:59 ----D---- C:\WINDOWS\Help
2008-11-01 14:57:38 ----D---- C:\WINDOWS\system32\USMT
2008-11-01 14:57:37 ----D---- C:\Program Files\Internet Explorer
2008-11-01 14:57:33 ----D---- C:\WINDOWS\PeerNet
2008-11-01 14:57:33 ----D---- C:\Program Files\Movie Maker
2008-11-01 14:53:52 ----D---- C:\WINDOWS\system32\NPP
2008-11-01 14:53:50 ----D---- C:\WINDOWS\MSAGENT
2008-11-01 14:53:49 ----D---- C:\WINDOWS\SRCHASST
2008-11-01 14:53:48 ----D---- C:\Program Files\NetMeeting
2008-11-01 14:53:46 ----D---- C:\WINDOWS\system32\Com
2008-11-01 14:53:43 ----D---- C:\Program Files\Windows Media Player
2008-11-01 14:53:42 ----D---- C:\Program Files\Windows NT
2008-11-01 14:53:42 ----D---- C:\Program Files\Outlook Express
2008-11-01 14:53:38 ----D---- C:\Program Files\Common Files\System
2008-11-01 14:53:13 ----D---- C:\WINDOWS\system32\OOBE
2008-11-01 14:53:08 ----D---- C:\WINDOWS\SYSTEM
2008-11-01 14:49:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-21 19:39:05 ----D---- C:\Program Files\DivX
2008-10-20 20:05:07 ----D---- C:\WINDOWS\Debug
2008-10-19 10:51:15 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-15 16:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MPFIREWL;MPFIREWL; C:\WINDOWS\System32\Drivers\MpFirewall.sys [2004-05-06 83181]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-07-02 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-01-02 44032]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-11-13 197120]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SIS162u;SiS 162 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis162u.sys [2004-04-06 153600]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2003-11-07 248752]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-05-13 182688]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-27 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-27 98938]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-08 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-02-25 1123440]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
R2 MpfService;McAfee Personal Firewall Service; C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe [2003-09-02 503808]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------